A vulnerability labeled as critical has been found in Esri ArcGIS Server up to 12.0. Affected by this issue is some unknown functionality of the component File Upload Handler. Executing a manipulation can lead to unrestricted upload.

This vulnerability appears as CVE-2026-9182. The attack may be performed from remote. There is no available exploit.